Subscribe to our Best Free Adware/Spyware/Scumware Remover
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
It's been some time since my last round of testing, and the time has certainly come for a refresher. Adopting much the same approach as previously, I have been asked if there were any surprises, and the honest answer is yes, there have. The most significant surprise was how difficult I was finding it to infect my system in the first place. After three hours of browsing, deliberatley choosing websites and domains where infection was almost a prerequisite, I had nothing, and it was only after investigating various system settings that I found out why. For those looking for the technical "how I did it", I once again started with a clean install of XP SP2 on a virtual machine, patched with the necessary microsoft updates. I deliberately did not upgrade to SP3. Having gotten my clean install, I backed it up, and then went off to infect it. Before doing so I downloaded installation packages for those on test, and once I had my machine infected, I backed up the infected machine. I restored the original infected machine to test each product, ensuring a level playing field for each test. Finally, I did incremental scans with each product on the same infected system. |
|
Discussion
|
|
So, the question is why was it so hard for me to get my machine infected in the first place, and having identified the "problem", my top recommendation is not an anti-malware product, and doesn't even involve a download or a scan of any type. It doesn't offer any form of protection on your PC, but it will help enormously against infection in the first place. What is this magic solution? For some time, I have been using OpenDNS as my DNS server, rather than my ISPs own offering. I hadn't realised how pro-active OpenDNS is in the fight against drive by malware protection. Quite simply, every time I tried to visit a site guaranteed to infect me, it was simply shown as not found. During normal browsing sessions you never see this, and so it took me a while to realise the cause. Only after switching back to my ISP hosted DNS was I able to find the infections that I craved. Requiring only a quick, free registration and simple confirguration change, you improve your protections considerably. Having made that recommendation, it is still possible to infect your system, either running software that may spread infection, or visiting sites that may not be in OpenDNS blacklist, and whilst an excellent first line of defence, local protection is still a must. Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything, the general package, whilst aesthetically similar, is improved since last time, managing to detect and clean after a single scan rather than the two scans required last time. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a critisicm, it's that the freeware version still installs a startup item which doesn't actually do anything at all. In the paid version, it loads the always on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is A-Squared free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. A-Squared was able to identify just 43 infections, though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately A-Squared was unable to automatically clean some of the more virulent infections found itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of A2 is the download size, being a huge 54.2 MB, immediately followed by a further 20MB updates. Anyone on restricted bandwidth or dial up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
As mentioned, I can only recommend the freeware version. During testing I inadvertently downloaded the full version of A2, which runs in evaluation mode for 30 days. Strangely, the full version hung on the scan during each test (though the program itself didn't crash), which is a particular worry.
Sharing the second place spot is MalwareBytes AntiMalware. MBAM caused me considerable problems initially, being one of two programs that had been actively bocked from running by one of the nasties I had picked up. Only after renaming the main executable, and running it in safe mode was I able to proceed. This initial scan found 19 infections and managed to clean them sufficently that when I rebooted I was able to run the program in a normal environment. I updated the program and ran a full scan, which found a further 8 infections, bringing the total to 27. Where MBAM did better than other products on test was it's ability to remove hijacked DNS entries (which forced redirection of links from popular search engines to less productive sites).
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not posses; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the google pack, or from here.
Old timer Ad-Aware, coming in at 35.7MB performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on demand tests were Spybot S&D, Spyware Terminator and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 Gb) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. Spyware Terminator found just 3 threats, and The Cleaner 2010 found absolutely none.
Arovax Shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start it's services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing it's job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targetted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there is still little more useful that HiJack This, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
 And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
|
|
Related Products and Links
|
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
This software category is maintained by volunteer editor Steve Hargreaves. The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate ... peter |
|||||||||||||||||||||
4.30.1004 
Unrestricted Freeware 
Windows 98, 98SE, ME, 2000, Vista, 2003 and XP Home/Pro
Delicious
Digg
StumbleUpon
Please rate this article
Let's be clear, no single product is going to solve the plethora of malware problems. You're going to need at least 2 or 3 of these applications, running in succession, to find and quarantine/remove infections.
I use SuperAntiSpy and MalwareBytes for bi-weekly scans, in addtion to the fulltime memory resident Tea-timer app (from Spybot S&D) in the background.
Users will also want a good rootkit analyzer or two in their toolkit.
I have some doubts about SuperAntiSpyware! I have the Professional Addition, and also have A-Squared Free, and Microsoft Essentials. My pc was bought on 11-25-2009....to date I have found and removed 44 infections. A-Squared got rid of 28, Microsoft Essentials 16, and SuperAntiSpyware not one, yep thats right not one! I think I could have spent that $19.95 on beer or something!
Do you always run SAS last?
I personally do not like A2 free.
I use malwarebytes most as a first call scanner. When its done the only thing SAS usually finds are some leftover tracking cookies. Its different if I run SAS first.
I feel that despite SAS #1 standing on this board it is Malwarebytes that is the king of the free anti-spyware apps. It won't catch everything but it is amazingly effective at killing rogue antiviruses.
-J
Hey guys, I was wondering what was going on with IObit's 360, I know there was a problem previously and was wondering if this was resolved and are they any good compared to the rest of these, thanks.
Its still not resolved. IObit's site continues to have unsatisfactory WOT rating. We do not recommend their products. Further comments on this topic will be simply deleted.
I should have included that super anti-spyware is the product I am trying to install.Sorry
Try the suggestions here:
http://www.superantispyware.com/supportfaqdisplay.html?faq=71
Steve
While trying to install i get the following= error message 1310 Verify that you have access to that directory. I do have access and am installing with adnubistrators privileges but it will not install and finally forces mr to abort. Any insight would be appreciated.
Thanks
I realise all Gizmo editors are overworked, and busy. But, i do feel someone should review the inclusion of Ad-aware in this list. I have just tried to install the program, and it seems to have a glitch on certain OS. If you google 'ad-aware will not connect'........you will see this is an all too common theme. The frustration increases, when the Lavasoft website, gives 4 fixes, and for my Vista machine, none of them worked. IMHO this free download, is trouble waiting to happen for the below average user. I have seen forum fixes which refer to adjusting proxy settings- turning off ones firewall, and AV. Can an editor, confidently, refer a product with these problems? Thank you.
IMO Ad-aware and spybot which were heavyweights 5 years ago are no longer relevant.
They have been replaced by malwarebytes and Super antispyware. 5 years from now it will be some other dynamic duo.
http://www.superantispyware.com/portablescanner.html
Hey guys, I went to the above SAS site to download the portable version of SAS.
Each time I downloaded it (3 times), it came up with a different name to the file:
SAS_93123654.com, SAS_9039894.com, SAS_74972.com, etc.
Is the above site a good site and are these files actually okay to use??
Tnx a bunch!
Cindy
Yep, that's normal to try to prevent malware from blocking SAS.
I'm in the process of re-testing software for an updated review, but I only have limited time owing to commitments in my day job. Having said that, I haven't yet experienced problems with ad-aware myself, though I am loathe to recommend it as one of the top applications.
In the past couple of years, whilst Ad-Aware has tried to keep up, it has fallen behind the market leaders in freeware anti-malware. Whilst I haven't yet tested the latest MBAM, other reports I've read in a variety of places suggest that it may be a firm contender for the top spot this time around.
Personally, I stand by combining SuperAntiSpyware and MBAM as an effective defence mechanism until testing is complete.
Steve
'...I am loathe to recommend it as one of the top applications.'
agreed, adaware is bloated and not more effective than the likes of sas, mbam, and even spybot imo.
this forum is sleeping...
Why not join us as an editor and help to wake it up?
What exactly are an editors duties?
As much or as little as you can contribute basically. The minimum we ask is that you agree to take on one category of your choice, maintain the review, and answer comments here and in the forum. Some editors manage multiple categories but we appreciate that not everyone has this amount of time to spare. There are other things you may wish to become involved with such as the closed forum projects, but this is not a requirement. There's much more to TSA going on behind the scenes than is noticeable from the public pages. These are the categories currently without a home:
http://www.techsupportalert.com/unallocated
Why not have a browse through and see if there's something you'd like to take on?
Alright, I'll do that.
Hello. I just wanted to report this antimalware test made by malware research group, here: http://malwareresearchgroup.com/?page_id=2
Malwarebytes scored a perfect score (I think they used the full version), but they let SuperAntispyware stay out.
Please be very cautious as to what you believe from the Malware Research Group. Some question their ethics and/or methods. For more information, please see this link at Wilders:
http://www.wilderssecurity.com/showthread.php?t=251113
I have nothing vested in whether or whether not they are a legitimate, professional, testing organization. I just think it important to bring concerns to people's attention.
I just had a question regarding HijackThis. Since many experts use the logs generated by that program to clean infected systems, I was wondering whether that program is outdated because it isn't regularly updated. According to one website (geekstogo), they use another program called OTListIt2 or OTL to create logs instead of HijackThis. Is that program good? How does well does it work compared to HijackThis? (just looking for more opinions on this program) Thanks ahead!
Steve has given a good reply.
I would like to add that a new version of HiJackThis is under development. The beta version can be found on download sites. Final version will come soon.
I've only tested HiJack this in this category of program up to now, though I intend to try others. However, the nature of the program is such that updates are largely irrelevant. It isn't a malware scanner, but more a process reporting tool. It still requires someone with knowledge to interpret the results and determine the action to take,
For this reason, a lack of updates is not a reason to abandon the tool. It's as useful now as it was when first released.
Steve
Thanks for the reply and explanation! I read on geekstogo that some malware has changed to hide partly/completely from HijackThis scans. Since that is only one website, I am not sure whether that statement is valid or not. I hope that if OTL turns out to be a good program it can be added to this site. I love the advice/information given on this site! Keep up the good work! :D
you can kill the "Prevented from running" issue by re-naming the HiJackThis executable to something else - for example - call it zkr.exe.
This is a known problem - and renaming fixes it.
No software is immune from this kind of hiding, though only apply the fix where you know it won't interfere with the running of the program (HJT works fine with another name) - or at the very least - remember what you changed.
Steve
"How to Stop 11 Hidden Security Threats"
You can read the entire article, here:
http://www.pcworld.com/article/187199/how_to_stop_11_hidden_security_thr...
Excerpt:
"Read on for descriptions of 11 of the most recent and most malignant security threats, as well as our complete advice on how to halt them in their tracks."
Wolfram
I am very suprised with such low score for A-Squared - it is a bit strange that in test included in article A-Squared loses with SAS but in test ran by for example malwareresearchgroup.com or mylovelyapps.com (link in post below) it's exactly opposite.
Is any chance for comment from article's author? Thanks in advance!
Happily.
In order to test I create a clean VM, and then browse the less salubrious parts of the internet in order to pick up infections that anyone may find in the wild. I then copy the VM and begin testing, restoring the VM after each test to ensure a fair comparison.
The fact of the matter is, in my last round of tests, A-Squared was quite simply unremarkable.
However, I started a new round of test about three months ago (Though that's long enough that I'll have to start again) before my primary daytime job (the one that pays the bills) got extremely busy.
Today marks the passing of the busy period, and I'll hopefully get a week off next week, during which I intend to make a long overdue update
Based on hearsay I expect A-Squared to do much better, though you can be sure I'll report what I find honestly and impartially.
Steve
Thank you for such quick answer! - for now I will probably install some additional soft (like Malwarebytes or Superantispyware) for enhanced protection - I am looking forward new tests results.
For those of you thinking SpyBot is the last word in getting rid of spyware...Sigh...
http://www.mylovelyapps.com/comp/antispyware-test2009.htm
Hey, I want to thank everyone who commented here. I was trying to figure out which software to use on 3 computers, all with different tech-savy users.My laptop,(I'm a CIS student) my desktop(used by the kids and relatives who barely know how to save files) and my husbands laptop for work(he had to be shown how to turn the darned thing on)It sounds like freeware is a possibility for me, I know how to do things manually.Unfortunately, it does sound like I'm going to need to keep paying for Norton (or something like it) on the other two, unless I want to have to ride herd. You have all been most helpful!
Erin in Oregon
Norton has gotten better, by the results of recent Independent Testers. Microsoft Security Essential is as good as Norton or a little better by the same Independent Testing results and it's free...
You can dump Norton too (and say "Good Riddance" in the process).
See http://www.techsupportalert.com/best-free-anti-virus-software.htm
My own personal choice is Avast - but whatever floats your boat :)
Steve
Thanks, Steve, for mentioning "Avast"... after much reading of all the spyware products, I kept an eye out for "Avast". But I'm a little puzzled. I have a friend who is rather computer savvy (I'm almost illiterate), and he removed Norton for me and installed Avast - his guru uses it and swears by it. Just what is the difference between Norton, Avast, etc., and the likes of Adaware, etc..?? And, if I decide to choose among spyware products, will I have to remove Avast?? - I've heard that it's bad to have more than one security program.
Thnx in advance for your comments.. lamebrain ron
There's nothing lame about your question, and it can be a source of constant confusion for those who consider themselves "users" of computers rather than geeks.
Simply put, there are three main category of malware (though there are many sub-categories). The three are Virus, Adware and Spyware. Adware and Spyware are often lumped together into a single category these days, though I take the view that true spyware is quite different, but I digress.
Adware will typically lead you down a path where you install or purchase software (or indeed any commodity on the market). People who employ this tactic usually sell poor, ineffective or downright fraudulent products.
Spyware in it's purest form will monitor specified activity on your computer (often browsing habits, but sometimes more serious activity - I would argue that a keylogger, for example, is spyware) and report back to a remote computer. The typical chain of events would then result in you receive targetted spam emails. This is why there is a general grouping of Adware and Spyware, and why, typically, "Anti-malware" apps will sxan for and try to remove both.
Viruses are a different beast, and will usually change the way your computer works, injecting code into applications to change default behaviour, running processes in the background to ellicit a desired result (often linked to adware and spyware), and in the worst case, will have decidedly destructive consequences, such as wiping your files, or even deleting files to such an extent that your computer will no longer boot.
Given the right programming, it is even possible for viruses to exert sufficient force (whether it be overuse of drives, or overloading the processor) to physically damage hardware.
Historically, viruses have had separate anti-virus applications to combat them, largely because the techniques used to detect viruses differ from those used to detect other malware.
There are, of course, crossovers appearing all the time, and the lines are blurring rapidly.
To install any of the spyware applications mentioned in this review you do not need to uninstall Avast. The two will co-exist quite happily. However, if you decide to try an alternative anti-virus program you should uninstall Avast first since different AV programs running on the same system can interfere with each other and make them less effective.
I hope that this helps.
Steve
SuperAntiSpyware now has a portable version. Put it on a USB and go. I just used it to cleaning a machine. The other spyware programs I was trying to use were getting blocked by the spyware.
Oops I guess I should have read the post before mine.
SAS has a portable scanner available now :
http://www.superantispyware.com/portablescanner.html
Free for personal use.
I have recently begun using Superantispyware paid but wondered if this program has automatic updates as I have never seen it update automatically. Perhaps no indication is given but I would like to know.Other security programs such as Avast give a can't miss notice that an update has taken place. Thank You
SAS does update automatically, and usually notifies.
Right click the bug icon in the system tray and select "View Control Centre....." , click the updates tab and enable whatever you can.
That should do he trick.
Steve
A-Squared has never helped me..
Awhile back I ran several top named scanners and each one found nothing. I decided to try A-squared free and it found two very nasty Trojans and neither were false-positives, so I am sold on A-squared even though it takes a little longer to update it's two engines...
I also have never had any luck with A2 but their new HIJACK FREE app is a lifesaver. Its basically like a much easier to use version of process explorer (what a mess that software is. The gui is so bad you have no idea what yer looking at or what to do with it. Definitely beta software designed by an engineer for other engineers).
Many new bugs disable the task manager which is a serious roadblock if your trying to clean your computer and you can't even get your AS and AV software to run. But with Hijack free you can shut down processes, services, ports and all kinds of other places where malware hides then you can carry on with the disinfection. Brilliant!
-J
1. Why is SuperAntiSpyware so slow to load and update? It's ridiculous: once selected, the program takes almost a minute to appear on screen, and updating takes minutes to complete. This is in stark contrast to the blazing speed of Malwarebytes. Do other people here find SAS to be slow?
2. SAS skips files over 4 MB when scanning, along with other defaults. Is this safe? Should these default settings be changed?
Thanks.
Responding to post #1...
"Why is SuperAntiSpyware so slow to load and update?"
When is the last time you updated the program version? Several months ago, I too experienced a slow load with SAS. I then updated to the newest program version (as of this email, it is 4.33.1000) and the load time dramatically decreased to about 5 seconds.
"SAS skips files over 4 MB when scanning, along with other defaults. Is this safe? Should these default settings be changed?"
You can easily change these settings by going to the Preference tabs.
Thanks for the tip-off: I checked and sure enough, I have an older version. It seems when you click update on the main page, it only updates the anti-malware definitions, not the program. To update the program, you have to go to the Updates tab > Check for updates now, and while there you can tick "check when application starts." Once updated, the program launched in under 10 seconds, and got new anti-malware definitions fast.
As for the settings, the two I wonder about are "don't scan files over 4 MB" and "don't scan non-executable files"; the program recommends you leave them unchecked, and skipping these file types undoubtedly is why SAS is so fast in scanning. Should they be ticked, though, or is is safe to it alone?
This is my only gripe with SAS. If the engine is old and needs to be updated then SAS should do so automatically just like MWB.
IOW, when you click update, it should determine that there is a new version available, download and install it along with the latest definitions.
-J
Is it a good idea to run both SAS and MBAM at the same time?
No-not if both are running real time protection.It is best to have SAS as your real time and MBAM as a scanner.
Post new comment